Inicio Explorar Ayuda
Iniciar sesión
studen
/
rproxyDocker
1
0
Fork 0
Archivos Incidencias 0 Pull Requests 0 Wiki

Sin descripción

Rama: master
Ramas Etiquetas
rproxyDocker
ZIP TAR.GZ
Andrej Studen a880a1c527 Updating README and providing new configuration files for step by step comissioning. hace 1 semana
bin 163dc468a8 Adding license hace 1 semana
config a880a1c527 Updating README and providing new configuration files for step by step comissioning. hace 1 semana
www 163dc468a8 Adding license hace 1 semana
LICENSE 163dc468a8 Adding license hace 1 semana
README.md a880a1c527 Updating README and providing new configuration files for step by step comissioning. hace 1 semana

README.md

Reverse proxy

A docker implementation of a nginx reverse proxy with ambition to serve [LabKey][labkeyDocker].

Installation and use

After cloning, copy bin/envProxy.sh.sample to bin/envProxy.sh. Typically, settings should be OK, bit envProxy.sh let's you set:

  • COMPOSE: the compose file used in running reverse proxy
  • CONTAINER_NAME: what name to set to the docker container service
  • NETWORK: name of the network container will be attached to. Serving services should be attached to the network of the same name in respective compose files.
  • DOCKERCOMPOSE: which docker compose to use, legacy version came with a dash.

Building the configuration

The configuration for nginx sites should be placed in config/conf.d, and http.conf.off is an example forserving a (trivial) http only site. For starters, change suffixes of all other files in conf.d to conf.off and only enable http.conf, and start the server via:

bin/startRProxy.sh

Accessing http://localhost should show you the default landing page with some text attesting to the fact.

EXPERT CORNER: The rproxy server out of the box provides a nginx.conf file, where a statement drives the proxy to include files ending in .conf. Changing suffix to conf.off discards such files from nginx consideration

For SSL, you should obtain SSL certificate either through your own CA or a CA service like certbot. Then update https.conf.off accordingly and activate it by changing suffix to .conf, and disable plain http by adding suffix .off. For the first test, disable client verification (set ssl_verify_client to off). Try accessing the page again to validate for SSL access. If you have a client certificate matching the CA, you can set verification to on and check client verification as well.

For redirecting to embedded service like labkey, look at labkey.conf.off and adjust proxy_pass directive to reflect your setup. You may use directory based or server name based redirection to services, in the later case server_name directive will drive service selection.

Starting, stopping and reloading

Utility scripts in bin allow to start, startRproxy.sh, stop stopRproxy.sh and reload configuration, reloadRproxy.sh.

EXPERT CORNER: There are also startNetwork.sh and stopNetwork.sh utility scripts, where range of IP addresses can be set, which can be useful in local IP clash avoidance.